From b086356254ee6ac91993d1c41278c3235c6227ee Mon Sep 17 00:00:00 2001 From: Kabbone Date: Sun, 18 Dec 2022 13:15:40 +0100 Subject: [PATCH] agenix: enable agenix --- flake.lock | 26 ++++++++++++++++++++------ flake.nix | 2 +- hosts/configuration_desktop.nix | 3 ++- hosts/configuration_server.nix | 1 + modules/desktop/sway/home.nix | 5 +++-- secrets/secrets.nix | 25 +++++++++++++++++++++++++ 6 files changed, 52 insertions(+), 10 deletions(-) create mode 100644 secrets/secrets.nix diff --git a/flake.lock b/flake.lock index 0a504a2..696772f 100644 --- a/flake.lock +++ b/flake.lock @@ -2,9 +2,7 @@ "nodes": { "agenix": { "inputs": { - "nixpkgs": [ - "nixpkgs-stable" - ] + "nixpkgs": "nixpkgs" }, "locked": { "lastModified": 1665870395, @@ -116,13 +114,13 @@ "locked": { "lastModified": 1671200928, "narHash": "sha256-mZfzDyzojwj6I0wyooIjGIn81WtGVnx6+avU5Wv+VKU=", - "owner": "nixos", + "owner": "NixOS", "repo": "nixpkgs", "rev": "757b82211463dd5ba1475b6851d3731dfe14d377", "type": "github" }, "original": { - "owner": "nixos", + "owner": "NixOS", "ref": "nixos-unstable", "repo": "nixpkgs", "type": "github" @@ -144,6 +142,22 @@ "type": "github" } }, + "nixpkgs_2": { + "locked": { + "lastModified": 1671200928, + "narHash": "sha256-mZfzDyzojwj6I0wyooIjGIn81WtGVnx6+avU5Wv+VKU=", + "owner": "nixos", + "repo": "nixpkgs", + "rev": "757b82211463dd5ba1475b6851d3731dfe14d377", + "type": "github" + }, + "original": { + "owner": "nixos", + "ref": "nixos-unstable", + "repo": "nixpkgs", + "type": "github" + } + }, "nur": { "locked": { "lastModified": 1671251299, @@ -165,7 +179,7 @@ "home-manager": "home-manager", "hyprland": "hyprland", "nixos-hardware": "nixos-hardware", - "nixpkgs": "nixpkgs", + "nixpkgs": "nixpkgs_2", "nixpkgs-stable": "nixpkgs-stable", "nur": "nur" } diff --git a/flake.nix b/flake.nix index 439e930..91578b3 100644 --- a/flake.nix +++ b/flake.nix 
@@ -31,7 +31,7 @@ agenix = { url = "github:ryantm/agenix"; - inputs.nixpkgs.follows = "nixpkgs-stable"; + #inputs.nixpkgs.follows = "nixpkgs-stable"; }; }; diff --git a/hosts/configuration_desktop.nix b/hosts/configuration_desktop.nix index a737163..85a77f3 100644 --- a/hosts/configuration_desktop.nix +++ b/hosts/configuration_desktop.nix @@ -10,7 +10,7 @@ # └─ default.nix # -{ config, lib, pkgs, inputs, user, location, ... }: +{ config, lib, pkgs, inputs, user, location, agenix, ... }: { imports = # Import window or display manager. @@ -97,6 +97,7 @@ dig qmk-udev-rules gptfdisk + agenix.defaultPackage.x86_64-linux ]; }; diff --git a/hosts/configuration_server.nix b/hosts/configuration_server.nix index fe8a548..be8d40b 100644 --- a/hosts/configuration_server.nix +++ b/hosts/configuration_server.nix @@ -85,6 +85,7 @@ lm_sensors bind dig + agenix ]; }; diff --git a/modules/desktop/sway/home.nix b/modules/desktop/sway/home.nix index 0a2bfbb..969361d 100644 --- a/modules/desktop/sway/home.nix +++ b/modules/desktop/sway/home.nix @@ -105,7 +105,8 @@ window.commands = [ { command = "floating enable"; criteria = { class = "Pavucontrol"; }; } { command = "floating enable"; criteria = { class = "Galculator"; }; } - { command = "floating enable"; criteria = { class = "^Yubi$"; }; } + { command = "floating enable"; criteria = { class = "Nitrokey App"; }; } + { command = "floating enable"; criteria = { class = "Yubico Authenticator"; }; } { command = "floating enable"; criteria = { window_role = "pop-up"; }; } ]; @@ -228,7 +229,7 @@ export VDPAU_DRIVER="iHD"; export XDG_SESSION_TYPE="wayland"; export XDG_CURRENT_DESKTOP="sway"; - #export QT_QPA_PLATFORMTHEME="wayland-egl"; + export QT_QPA_PLATFORMTHEME="wayland-egl"; export GST_VAAPI_ALL_DRIVERS="1"; export GTK_THEME="Arc"; export _JAVA_AWT_WM_NONREPARENTING="1"; diff --git a/secrets/secrets.nix b/secrets/secrets.nix new file mode 100644 index 0000000..498a53e --- /dev/null +++ b/secrets/secrets.nix 
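Review bot: Commenting out `inputs.nixpkgs.follows` instead of deleting it leaves dead configuration with no reason recorded. The flake.lock hunks show the effect: agenix now resolves its own `nixpkgs` node while the root input moves to `nixpkgs_2`. The tool that handles secrets is therefore built from a second nixpkgs pin that has to be updated and audited separately. If this is intentional, replace the commented line with a short why-comment such as `# agenix uses its own nixpkgs pin because <reason>`; otherwise restore an override such as `inputs.nixpkgs.follows = "nixpkgs";`. The enclosing inputs block starts outside the hunk.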
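Review bot: `agenix.defaultPackage.x86_64-linux` in the second hosts/configuration_desktop.nix hunk hard-codes the platform and uses the `defaultPackage` flake output, which newer Nix releases deprecate in favour of `packages.<system>.default`. If the pinned agenix revision exposes it, `agenix.packages.${pkgs.system}.default` keeps the host file portable. The `agenix` argument added in the first hunk only resolves if the flake passes it through `specialArgs`, which is not visible here. The visible hunks install only the CLI; no agenix NixOS module import or `age.secrets` declaration appears, so the secret defined in secrets/secrets.nix is presumably not yet deployed to any host.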
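Review bot: The bare `agenix` added to the hosts/configuration_server.nix package list does not match the desktop host, which installs `agenix.defaultPackage.x86_64-linux` and adds `agenix` to its module arguments; no matching argument change is visible for this file. If the name resolves to the flake input it is an attribute set rather than a package, and if it is picked up from a surrounding scope such as `with pkgs;` the server would install a different build from the one pinned by the flake input. Use the same expression on both hosts so the secrets tooling comes from one audited source. The package list begins and ends outside the hunk.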
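Review bot: In the second modules/desktop/sway/home.nix hunk, the re-enabled `export QT_QPA_PLATFORMTHEME="wayland-egl";` sets a platform plugin name on the theme variable. `wayland-egl` is a value for `QT_QPA_PLATFORM`, while `QT_QPA_PLATFORMTHEME` expects a theme plugin, so the line probably has no useful effect as written. Either rename it to `export QT_QPA_PLATFORM="wayland-egl";` or keep it removed. The change is also unrelated to the commit subject and would be easier to review on its own.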
@@ -0,0 +1,25 @@
+let
+ kabbone = [
+ "sk-ssh-ed25519@openssh.com AAAAGnNrLXNzaC1lZDI1NTE5QG9wZW5zc2guY29tAAAAIANmaraVJ/o20c4dqVnGLp/wGck9QNHFPvO9jcEbKS29AAAABHNzaDo=";
+ "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQDVQmOem6iMFx1whIpF66B8jv3iWhLYyBkgsl+Bm9LhBjsIrhOBUmkvIA8w0uojxO3XFNqeeyUfsqrAW2PrsNl6JXEDlRw9oaaCH3C0daCxr76peTGxKhXek+kfQIC0HIcqAif+TdmAC3Q6TK3R2/I4yTgt0XOVbkJpOHhbR6kjyTjx1CMEVmbKgduIpeznBDOlC+iotqbchBVQKmnqJt0HNbSFxL4G1bN9UQlr8wzaSf/ZBTPU/ARfES4nrNc4vmztZmsI7clk57JKHFcf19PiMgUWMxdfW5bhMmf/7ARgrk4hZPmWmBnRK1njmFICBuWfAbDx1wnRfDVtSOxiNmMuN3pLUmB9XQCAgvC3kreFs7yDYoYPFcVUA0+AV/hRvB6ISwbsZb9qZSwAVrbnwiMb3e8SJYUb9GKFWPEjNLVYPj66mYH4Hi9FB9q76OQ1kCZthov+pAgy2S4kv0PoqDcpVZxlHsULoXokS2r9yQ/xzQopobbbTkZq4lXv79UZlyrr5zcQ7c4/ojDRxNtFmYlD/dltWWy9ZwcoKioRCFd2CSPRGTx46VClrJ0yJpNX2boyh/Av/6nsucocasLzZ9EHkctvrZQMq3u2FwCQPQ37kdY/JPYpDYKnAJMx4VgLqycbkTBnGDUbHyfVCEEBklTy35JKd73Vm3df7NNk5qA4bQ==";
+ "sk-ssh-ed25519@openssh.com AAAAGnNrLXNzaC1lZDI1NTE5QG9wZW5zc2guY29tAAAAIKVDApb3vZ+i97V4xLJh8rUF6z5OVYfORlXYbLhdQO15AAAABHNzaDo=";
+ "sk-ssh-ed25519@openssh.com AAAAGnNrLXNzaC1lZDI1NTE5QG9wZW5zc2guY29tAAAAIB0q++epdX7feQxvmC2m/CJEoJbkqtAJy6Ml6WKHxryZAAAABHNzaDo=";
+ "sk-ssh-ed25519@openssh.com AAAAGnNrLXNzaC1lZDI1NTE5QG9wZW5zc2guY29tAAAAIIgo4IP8ISUohyAMiDc3zEe6ESUE3un7eN5FhVtxZHmcAAAABHNzaDo=";
+ ];
+ users = [ kabbone ];
+
+ dmz = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIDwN8p78OncPIRUfV64PLHOem4LtlQ3opOJwLEYqdGVx";
+ hades = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIEgnWyQUUa+vcHAKx6edbTgqW8ph+MCiS6fUwYjYcS+o";
+ nbf5 = "";
+ systems = [
+ hades
+ nbf5
+ dmz
+ ];
+ servers = [
+ dmz
+ ];
+in
+ {
+ "passwords/services/mail/mailjet.age".publicKeys = servers ++ users;
+ }
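Review bot: The entries of the `kabbone` list end in `;`, but Nix list elements are separated by whitespace only, so this file should fail to parse before agenix can read any recipients; drop the semicolon after each key string. `users = [ kabbone ];` then wraps that list in another list, so `servers ++ users` yields a nested list instead of a flat list of key strings; `users = kabbone;` gives the flat form `publicKeys` appears to expect. age's SSH recipient support covers `ssh-ed25519` and `ssh-rsa` keys, so the four `sk-ssh-ed25519@openssh.com` entries are probably not usable as recipients and should be checked against the pinned agenix before relying on them for decryption. `nbf5 = "";` places an empty recipient in `systems`, which needs a real host key before any secret is assigned to that group.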